﻿
<?php

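@session_start();

//header("Content-type:text/html;charset=utf-8");

require(dirname(__FILE__) . "/./lib/common.inc");

// Comment-submission endpoint.
//
// Input : POST 'id' (article id), POST 'content' (comment text), and the
//         logged-in user name taken from $_SESSION['username'] (never from
//         the request, so a client cannot post under another name).
// Output: one JSON object whose members are all strings:
//         cid, username, avatar, maketime, content, errno.
//         errno: 0 = stored, -1 = missing id, -2 = not logged in,
//                -3 = empty content, -4 = add_comment() returned nothing.
//
// NOTE(review): any bytes in this file before the opening PHP tag (for
// example a UTF-8 BOM) are sent as output before session_start() runs and are
// prepended to the JSON reply; the '@' above would hide the resulting
// "headers already sent" warning. Confirm the file is saved without a BOM.
// NOTE(review): this is a state-changing request authorised only by the
// session cookie; no anti-CSRF token is checked on this page.

// Defaults for every field of the reply. $s_cid is initialised here because
// the validation-failure reply reads it before add_comment() has run.
$s_cid = '';
$avatar = '';
$s_maketime = '';

// Only accept plain strings: a request such as id[]=x would otherwise hand an
// array to trim() below (a TypeError on PHP 8).
$s_aid = (isset($_POST['id']) && is_string($_POST['id'])) ? $_POST['id'] : '';
$username = (isset($_SESSION['username']) && is_scalar($_SESSION['username']))
	? (string) $_SESSION['username']
	: '';

$content = '';        // text handed to add_comment()
$reply_content = '';  // text echoed back to the client
if (isset($_POST['content']) && is_string($_POST['content'])) {
	// get_magic_quotes_gpc() was removed in PHP 8 (and has always returned
	// false since 5.4), so only call it where it still exists.
	$magic_quotes = function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();

	$content = $_POST['content'];
	// The reply is encoded by json_encode(), so it must start from the text
	// as the user typed it, without any backslashes added for storage.
	$reply_content = $magic_quotes ? stripslashes($content) : $content;

	// Filter out some illegal characters; only these are known so far, more
	// will be added over time.
	// NOTE(review): add_comment() keeps receiving double quotes escaped as \"
	// exactly as before, because its implementation is not visible here.
	// Escaping only '"' is not a defence against SQL injection; verify that
	// add_comment() binds its arguments as query parameters.
	if (!$magic_quotes)
		$content = str_replace('"', "\\\"", $content);
	$stripped = array("\r", "\n", "\t");
	$content = str_replace($stripped, "", $content);
	$reply_content = str_replace($stripped, "", $reply_content);
}

// Later checks deliberately overwrite earlier ones, so the reported errno is
// that of the last failing check.
$errno = 0;
if (trim($s_aid) == "") $errno = -1;
if (trim($username) == "") $errno = -2;
if (trim($content) == "") $errno = -3;

if ($errno < 0) {
	// Validation failed: nothing is stored and no content is echoed back.
	$reply_content = "";
} else {
	$s_cid = add_comment($s_aid, $username, $content);
	$s_maketime = date('Y年m月d日H时i分s秒');
	// Loose comparison kept so that '' / null / false from add_comment() all
	// count as failure, as they did before.
	if ($s_cid == "") {
		$errno = -4;
		$reply_content = "";
	}
	$avatar = get_avatar_user($username);
}

// Build the reply with json_encode() instead of string interpolation, so that
// backslashes, quotes and control characters in username, avatar and content
// cannot break out of their JSON string. The JSON_HEX_* flags additionally
// turn < > & ' " into \uXXXX escapes: this script sends no JSON Content-Type,
// so the body must stay inert if a browser renders it as HTML. Non-ASCII text
// is emitted as \uXXXX escapes, which decode to the same characters.
$json_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
if (defined('JSON_INVALID_UTF8_SUBSTITUTE')) {
	// Malformed UTF-8 would otherwise make json_encode() return false and the
	// client would receive an empty body.
	$json_flags |= JSON_INVALID_UTF8_SUBSTITUTE;
}

echo(json_encode(array(
	'cid'      => (string) $s_cid,
	'username' => $username,
	'avatar'   => (string) $avatar,
	'maketime' => $s_maketime,
	'content'  => $reply_content,
	'errno'    => strval($errno),
), $json_flags));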

?>
